What is CVE-2019-1615?

CVE-2019-1615 is a medium-severity vulnerability in Cisco Nexus 3000 Series Switches, classified under Improper Verification of Cryptographic Signature. CVSS score: 6.7/10. Published 2019-03-11.

How severe is CVE-2019-1615?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Cisco Nexus 3000 Series Switches

CVE-2019-1615

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerab…

EPSS: 0.001 (24.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Nexus 3000 Series Switches — versions unspecified
Cisco Nexus 9000 Series Fabric Switches In Aci Mode — versions unspecified
Cisco Nexus 9000 Series Switches In Standalone Nx-os Mode — versions unspecified
Cisco Nexus 9500 R-series Line Cards And Fabric Modules — versions unspecified

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

20190306 Cisco NX-OS Software Image Signature Verification Vulnerability (vendor-advisory, x_refsource_CISCO)
107397 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2019-1615?: CVE-2019-1615 is a medium-severity vulnerability in Cisco Nexus 3000 Series Switches, classified under Improper Verification of Cryptographic Signature. CVSS score: 6.7/10. Published 2019-03-11.
How severe is CVE-2019-1615?: Medium severity. CVSS v3 base score is 6.7 out of 10.